pgAudit 1.5.4 (upcoming) commit log

Fix typos.

commit   : 164d4d950e070eb8a21f07db0cea5acc802e56e6    
  
author   : David Steele <[email protected]>    
date     : Fri, 9 Jun 2023 18:18:27 +0300    
  
committer: David Steele <[email protected]>    
date     : Fri, 9 Jun 2023 18:18:27 +0300    

M pgaudit.c

Add log_parameter_max_size to set maximum size of logged parameters.

commit   : be3ede072b2835c36d7bbccc898fedcbce247156    
  
author   : Christophe Pettus <[email protected]>    
date     : Sat, 29 Apr 2023 09:22:53 -0700    
  
committer: GitHub <[email protected]>    
date     : Sat, 29 Apr 2023 09:22:53 -0700    

If setting is non-zero, any parameter value whose storage representation is longer in bytes than the setting is replaced by a placeholder, <long param suppressed>. We use the storage format size rather than number of characters to avoid having to pull in, potentially decompress, and character-encode or scan the value just to throw it away.

M README.md
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Update GitHub action/checkout to new version.

commit   : 1d07ac4851fe5c26a13935b29971f6f4c1ad32e1    
  
author   : David Steele <[email protected]>    
date     : Thu, 27 Apr 2023 22:31:50 +0300    
  
committer: David Steele <[email protected]>    
date     : Thu, 27 Apr 2023 22:31:50 +0300    

This removes the deprecation warning.  

M .github/workflows/test.yml

Explicitly install pg_statements in Makefile.

commit   : 70be4e2792c10136ab78eeb0ca0b47babcb57207    
  
author   : David Steele <[email protected]>    
date     : Thu, 27 Apr 2023 22:18:23 +0300    
  
committer: David Steele <[email protected]>    
date     : Thu, 27 Apr 2023 22:18:23 +0300    

This is required by in-tree builds and is ignored by CI.  

M Makefile

Redact password for create/alter user mapping.

commit   : bc628c582e4eeaed4a232a3c2c13187cd9b0a3a8    
  
author   : James Pang <[email protected]>    
date     : Fri, 28 Apr 2023 00:41:07 +0800    
  
committer: GitHub <[email protected]>    
date     : Fri, 28 Apr 2023 00:41:07 +0800    

Passwords are redacted in the same fashion as create/alter user.

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

commit   : c8630ddc41c56ee693c934a898225a60891204a6    
  
author   : David Youatt <[email protected]>    
date     : Wed, 4 Jan 2023 01:31:31 -0800    
  
committer: GitHub <[email protected]>    
date     : Wed, 4 Jan 2023 01:31:31 -0800    

M pgaudit.c

Add caveat about auditing superusers.

commit   : 8349710fbbe38ca9518ebe753a528b94f5ab2c19    
  
author   : David Steele <[email protected]>    
date     : Tue, 14 Jun 2022 13:32:06 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 14 Jun 2022 13:32:06 -0400    

M README.md

PostgreSQL 15 support.

commit   : ee1c3f5d042ff9a031ca515305b3ede8526b28b3    
  
author   : David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 16:31:20 -0400    
  
committer: David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 16:31:20 -0400    

M Makefile
M README.md
M expected/pgaudit.out
D pgaudit--1.6--1.6.1.sql
D pgaudit--1.6.1--1.6.2.sql
R100 pgaudit--1.6.2.sql pgaudit--1.7.sql
M pgaudit.control
M sql/pgaudit.sql
M test/Dockerfile.debian
M test/Dockerfile.rhel

Documentation updates missed in PostgreSQL 14 release.

commit   : 1930790e4bd07171b54a35890a117fe32ddcab7b    
  
author   : David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 16:11:51 -0400    
  
committer: David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 16:11:51 -0400    

M README.md

Add explanation why `CREATE EXTENSION` is required.

commit   : 02d3dfd91ba97a077384426cef0d77fdd4b7af38    
  
author   : Yuli <[email protected]>    
date     : Mon, 13 Jun 2022 15:41:22 -0400    
  
committer: GitHub <[email protected]>    
date     : Mon, 13 Jun 2022 15:41:22 -0400    

M README.md

Explicitly grant permissions on public schema in expect script.

commit   : 6a3ab20747aafeb61591d35c2703898223b5c076    
  
author   : David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 14:00:26 -0400    
  
committer: David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 14:00:26 -0400    

PostgreSQL >= 15 does not automatically grant rights on the public schema.

It makes sense to back patch this to older versions to minimize differences in the script.

M expected/pgaudit.out
M sql/pgaudit.sql

Reorder container scripts for more efficient builds across versions.

commit   : 959f0652ea75f0d0d44322f9cb5f069dbfa33194    
  
author   : David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 12:36:54 -0400    
  
committer: David Steele <[email protected]>    
date     : Mon, 13 Jun 2022 12:36:54 -0400    

M test/Dockerfile.debian
M test/Dockerfile.rhel

Fix typo in pgaudit.role help.

commit   : 605aa9dad13437874b8e111f306f1cd26b67e7b1    
  
author   : tjjcarroll <[email protected]>    
date     : Wed, 4 May 2022 15:35:10 -0400    
  
committer: David Steele <[email protected]>    
date     : Wed, 4 May 2022 15:35:10 -0400    

M pgaudit.c

Stamp 1.6.2.

commit   : 267eb83a14ca29f37821f297974991206aa91dee    
  
author   : David Steele <[email protected]>    
date     : Fri, 25 Feb 2022 15:00:56 -0600    
  
committer: David Steele <[email protected]>    
date     : Fri, 25 Feb 2022 15:00:56 -0600    

M Makefile
A pgaudit--1.6.1--1.6.2.sql
R100 pgaudit--1.6.1.sql pgaudit--1.6.2.sql
M pgaudit.control

Skip logging script statements for create/alter extension.

commit   : 6460d9fec78c344245c70309551bb314415268a8    
  
author   : David Steele <[email protected]>    
date     : Fri, 25 Feb 2022 11:27:12 -0600    
  
committer: GitHub <[email protected]>    
date     : Fri, 25 Feb 2022 11:27:12 -0600    

PostgreSQL reports the statement text for each statement in the script as the entire script text, which can blow up the logs. The create/alter statement will still be logged.

Since a superuser is responsible for determining which extensions are available, and in most cases installing them, it should not be necessary to log each statement in the script.

Reported by Craig Kerstiens (@craigkerstiens).

Reviewed by Joe Conway (@jconway), John Harvey (@crunchyjohn).

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql
M test/Dockerfile.rhel

commit   : 52d3ff4f13e313843077b87dd7eee472b2e9ee4f    
  
author   : crunchymaggie <[email protected]>    
date     : Fri, 25 Feb 2022 11:48:46 -0500    
  
committer: GitHub <[email protected]>    
date     : Fri, 25 Feb 2022 11:48:46 -0500    

M pgaudit.c

Add security definer and search_path to event trigger functions.

commit   : 881c617084cac4985b9471426510af05c2a49dd7    
  
author   : David Steele <[email protected]>    
date     : Thu, 4 Nov 2021 14:51:17 -0400    
  
committer: GitHub <[email protected]>    
date     : Thu, 4 Nov 2021 14:51:17 -0400    

Similar to #156, this prevents users from defining their own versions of functions used in the event triggers. Either one should be sufficient on its own, but both provide better defense against regressions.

M Makefile
A pgaudit--1.6--1.6.1.sql
R083 pgaudit--1.6.sql pgaudit--1.6.1.sql
M pgaudit.control

Guard against search-path based attacks.

commit   : 4c3a5023f871a70549bce4a7d750231c3f54df76    
  
author   : Sergey Shinderuk <[email protected]>    
date     : Thu, 4 Nov 2021 18:21:07 +0300    
  
committer: GitHub <[email protected]>    
date     : Thu, 4 Nov 2021 18:21:07 +0300    

Use qualified references to functions and operators in the SQL queries executed by the event triggers to prevent users from defining their own functions or operators to replace them.

This would not prevent audit logging, but it would allow the user to modify the type and name of the object in the DDL statement being audited.

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql
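
The two hardening measures described in this commit and in "Add security definer and search_path to event trigger functions" above, as an added example that is not pgAudit's own code: a hypothetical event trigger function (the names `audit_demo`, `log_ddl` and `audit_demo_ddl` are assumptions) that pins `search_path` and schema-qualifies the function and operator it uses, followed by a catalog query that lists `SECURITY DEFINER` functions with no pinned `search_path`.

```sql
-- Added example; audit_demo, log_ddl and audit_demo_ddl are hypothetical names.
CREATE SCHEMA audit_demo;

-- Measure 1: SECURITY DEFINER with a pinned search_path, so unqualified names
-- in the body resolve in pg_catalog and never in a schema the caller controls.
CREATE FUNCTION audit_demo.log_ddl()
    RETURNS event_trigger
    LANGUAGE plpgsql
    SECURITY DEFINER
    SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    cmd record;
BEGIN
    -- Measure 2: the set-returning function and the comparison operator are
    -- both schema-qualified, so a user-defined function or operator with the
    -- same name cannot be picked up in their place.
    FOR cmd IN
        SELECT c.object_type, c.object_identity
          FROM pg_catalog.pg_event_trigger_ddl_commands() AS c
         WHERE c.object_type OPERATOR(pg_catalog.<>) 'index'
    LOOP
        RAISE LOG 'ddl: % %', cmd.object_type, cmd.object_identity;
    END LOOP;
END;
$$;

-- Requires superuser; EXECUTE FUNCTION needs PostgreSQL 11 or later.
CREATE EVENT TRIGGER audit_demo_ddl ON ddl_command_end
    EXECUTE FUNCTION audit_demo.log_ddl();

-- Check: SECURITY DEFINER functions whose definition does not pin search_path.
-- proconfig holds per-function settings as 'name=value' strings (NULL if none).
SELECT n.nspname AS schema_name, p.proname AS function_name
  FROM pg_catalog.pg_proc AS p
  JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
 WHERE p.prosecdef
   AND NOT EXISTS (
           SELECT 1
             FROM pg_catalog.unnest(p.proconfig) AS cfg(setting)
            WHERE cfg.setting LIKE 'search_path=%');
```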

Remove remaining references to Vagrant.

commit   : 6afeae52d8e4569235bf6088e983d95ec26f13b7    
  
author   : David Steele <[email protected]>    
date     : Thu, 5 Aug 2021 08:22:32 -0400    
  
committer: David Steele <[email protected]>    
date     : Thu, 5 Aug 2021 08:22:32 -0400    

Testing is entirely Docker-based now.  

M .gitignore
M README.md

Fix logic to properly classify SELECT FOR UPDATE as SELECT.

commit   : bd6a261f72e08daa3a5f36b46aa4b1728d23709b    
  
author   : David Steele <[email protected]>    
date     : Thu, 5 Aug 2021 08:02:22 -0400    
  
committer: GitHub <[email protected]>    
date     : Thu, 5 Aug 2021 08:02:22 -0400    

This logic was submitted in PR #88 but there was some confusion on my part about what it was supposed to do. Since the title was "Suppress logging for internally generated foreign-key queries" I tried to make it do that, and broke SELECT FOR UPDATE logging, which unfortunately had no test.

Reading the PR again, it seems Peter's intention was only to correctly classify SELECT FOR UPDATE as SELECT. In any case that represents an improvement over what we have, even if it does not suppress logging for internally generated foreign-key queries, at least not in the case of SELECT.

So, revert the logic that suppressed the SELECT FOR UPDATE logging and use Peter's logic that correctly classifies them as SELECT.

Also add a SELECT FOR UPDATE test to prevent regressions.

Reported by Sergey Shinderuk (@shinderuk).

Reviewed by Sergey Shinderuk (@shinderuk), Stephen Frost (@sfrost).

M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Add RHEL test container.

commit   : bb816445df1c770a6f034d7bee0f428fc2265904    
  
author   : David Steele <[email protected]>    
date     : Tue, 3 Aug 2021 16:17:09 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 3 Aug 2021 16:17:09 -0400    

M .github/workflows/test.yml
A test/Dockerfile.rhel
M test/README.md
M test/test.sh

Add pgaudit.log_rows setting.

commit   : e8cded51a4a1a7f503ed29dcce0c85447d6448c5    
  
author   : Mingchun Zhao <[email protected]>    
date     : Wed, 4 Aug 2021 04:06:45 +0900    
  
committer: GitHub <[email protected]>    
date     : Wed, 4 Aug 2021 04:06:45 +0900    

Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field.

The default is `off`.

M README.md
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

Add container remove to test command.

commit   : ed6975c5222de085926221596c98bfb3531f1a97    
  
author   : David Steele <[email protected]>    
date     : Sat, 17 Jul 2021 09:26:28 -0400    
  
committer: David Steele <[email protected]>    
date     : Sat, 17 Jul 2021 09:26:28 -0400    

This allows the test to be run multiple times without leaving behind stopped containers.  

M test/README.md

Update for ProcessUtility_hook_type changes for 14beta2.

commit   : 70b30d43799edc106f9ebfaee178959043e33081    
  
author   : David Steele <[email protected]>    
date     : Mon, 12 Jul 2021 14:42:50 -0400    
  
committer: David Steele <[email protected]>    
date     : Mon, 12 Jul 2021 14:42:50 -0400    

Commit 7c337b6b in beta2 changed ProcessUtility_hook_type so update pgaudit to match.  

M pgaudit.c

PostgreSQL 14 support.

commit   : 002f2c3c3b88b367388e04932f9234c7792485cd    
  
author   : David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 16:51:51 -0400    
  
committer: GitHub <[email protected]>    
date     : Wed, 23 Jun 2021 16:51:51 -0400    

Since ExecCheckRTPerms() is no longer called for "create table as" and "create materialized view" the INSERT record will no longer be audit logged. However, the "create table as" and "create materialized view" records are still logged and they imply an insert.

M Makefile
M README.md
M expected/pgaudit.out
R100 pgaudit--1.5.sql pgaudit--1.6.sql
M pgaudit.control
M test/Dockerfile.debian

Run make clean for each test.

commit   : e3d79b03ee03735cce3b94cd01d1f53d9b04f638    
  
author   : David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 15:19:17 -0400    
  
committer: David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 15:19:17 -0400    

This will prevent errors when switching branches and since there is only one file to compile there is not much to be gained by reusing prior objects.  

M test/test.sh

Remove Vagrantfile.

commit   : 6b56031e87221cab510494e00c410246d129e53c    
  
author   : David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 14:49:10 -0400    
  
committer: David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 14:49:10 -0400    

This is no longer needed since Docker is now used for testing.  

D test/Vagrantfile

Add automated testing using GitHub Actions.

commit   : e2e5a69c4dc949d17f86b783c69c7c9b1c76f876    
  
author   : David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 14:40:00 -0400    
  
committer: David Steele <[email protected]>    
date     : Wed, 23 Jun 2021 14:40:00 -0400    

A .github/workflows/test.yml
A test/Dockerfile.debian
A test/README.md
A test/test.sh

Revert "PostgreSQL 14 support."

commit   : c6d958bb4d1b19cdb649d78f45e4ca501e081d8b    
  
author   : David Steele <[email protected]>    
date     : Tue, 22 Jun 2021 14:26:35 -0400    
  
committer: David Steele <[email protected]>    
date     : Tue, 22 Jun 2021 14:26:35 -0400    

This reverts commit b045fb9b90b7225b533502f733250d5a95b94450.

Somehow a development version of this branch got committed, so revert until it can be fixed.

M Makefile
M README.md
R100 pgaudit--1.6.sql pgaudit--1.5.sql
M pgaudit.c
M pgaudit.control
M test/Vagrantfile

PostgreSQL 14 support.

commit   : b045fb9b90b7225b533502f733250d5a95b94450    
  
author   : David Steele <[email protected]>    
date     : Fri, 18 Jun 2021 09:00:26 -0400    
  
committer: GitHub <[email protected]>    
date     : Fri, 18 Jun 2021 09:00:26 -0400    

Since ExecCheckRTPerms() is no longer called for "create table as" and "create materialized view" we can't depend on that mechanism to log inserts into the newly created table / mat view.

Instead, capture the into relation in the utility hook and then use it to generate an insert log record at query start.

M Makefile
M README.md
R100 pgaudit--1.5.sql pgaudit--1.6.sql
M pgaudit.c
M pgaudit.control
M test/Vagrantfile

Add .editorconfig.

commit   : 5b0a3a6c1b436adb46d133c6c4e0a9ff306db094    
  
author   : David Steele <[email protected]>    
date     : Fri, 11 Jun 2021 11:06:48 -0400    
  
committer: David Steele <[email protected]>    
date     : Fri, 11 Jun 2021 11:06:48 -0400    

A .editorconfig

Add pgaudit.log_statement setting.

commit   : 8831cef691b081ce71a14c10a2980de5c46a88f7    
  
author   : Peter Eisentraut <[email protected]>    
date     : Thu, 10 Jun 2021 18:27:55 +0200    
  
committer: GitHub <[email protected]>    
date     : Thu, 10 Jun 2021 18:27:55 +0200    

This setting, when turned off (not default), turns off all logging of the full statement text and parameters. This is analogous to log_statement_once, except it never logs the statement.

Depending on requirements, the full statement text might not be required in the audit log. The combination of command tag and object can be enough. Omitting the full statement text makes the logs less verbose and can also prevent some accidental information leaks.

M README.md
M expected/pgaudit.out
M pgaudit.c
M sql/pgaudit.sql

commit   : 28faa197d3a4c63738e9a2f74488f555dc9d95e5    
  
author   : David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 09:09:59 -0500    
  
committer: David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 09:09:59 -0500    

M pgaudit.c

Remove PostgreSQL 13 repository used for pre-release testing.

commit   : 94a2ae8c203a0a305edf59787a4af57651e59d2b    
  
author   : David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 09:05:18 -0500    
  
committer: David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 09:05:18 -0500    

M test/Vagrantfile

Improve compile and install instructions.

commit   : fd4319f7c8e215a4f291975f48c931fd55f5b037    
  
author   : David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 08:55:42 -0500    
  
committer: David Steele <[email protected]>    
date     : Tue, 12 Jan 2021 08:55:42 -0500    

Adding PG_CONFIG to make suggested by @vkhvorostianyi.  

M README.md

Remove make check from compile and install section of README.md

commit   : 7169e84e1aa6d68f5c59701655ef31f810d171f5    
  
author   : Michael Otte <[email protected]>    
date     : Tue, 12 Jan 2021 05:32:44 -0800    
  
committer: GitHub <[email protected]>    
date     : Tue, 12 Jan 2021 05:32:44 -0800    

This only works when pgaudit is located in a PostgreSQL source tree.

M README.md